Blog post

My Detection Confidence Survey Results

By Anton Chuvakin | February 19, 2016 | 0 Comments


A few weeks ago I posted a quick one-question survey on threat and compromise detection. I asked “Imagine that you have clearly identified top 3 critical information assets (systems, documents, databases, etc) that your organization has, what is your confidence level that you will detect a compromise of one of these assets by a malicious party within 7 days from the compromise event?”

Here is what came out:


Total responses: 85

Comments? Here are a few:

  • If you laser-focus your detection defenses [on just top 3 assets, in this example], you can actually score a WIN. Reduce what you watch – and win!
  • It seems that this survey was phrased in a way to really summon the spirit of optimism in security. Those voting “<50% chance to detect” were in the minority [44.7% of you] while “>50% chance to detect” [55.2% of the respondents] are in the majority. Rejoice the security community!
  • I was 100% sure that nobody will answer “100% sure to detect”, yet some did. Sure, you can hypothesize that those are all vendors, but maybe not: I think if you have only 3 eggs in your “critical eggs” basket, you CAN watch it really well and gain surety of detection….
  • Still, “<5%” has a spike. Think about it. This is the domain of the appropriately paranoid and/or severely under-resourced, IMHO.

There you have it – have fun with it! More one-question polls coming soon.

Possibly related blog posts:

The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.

Comments are closed